.htaccess authentication doesn't use cookies: the browser sends the password to the client againa t every page request in the protected directory or subdirectory of that. Usually, the user only has to enter the password one, and that's the behavior I notice on my web server with all the browsers I use (Mozilla, and rarely MSIE but it works).

Maybe it's a particular problem of your browser, or you need to tweak your server's configuration.

Michele.